Submit Changelog
Track Changelogs

Sky Login Redirect

Changelog

4.1.9 – 2026-03-30

  • Performance – Carbon Fields no longer loads on frontend, saving ~5-15 ms PHP time and ~1-2 MB memory per public page load
  • Performance – Freemius SDK no longer initialises on frontend β€” all plan checks are strictly admin-only
  • Performance – Premium widget rewritten as plain WP_Widget, removing CF boot requirement on every widgets_init call
  • Performance – Removed redundant get_cached_options() hook on save β€” cache repopulates lazily
  • Bug Fix – Cookies were not cleared on logout due to sanitize_key() stripping uppercase from cookie names
  • Bug Fix – CSS value 0 was silently ignored in the login customizer (border-radius: 0, border-width: 0, etc.)
  • Security – Open redirect hardening: custom redirect URLs now validated with wp_validate_redirect() in addition to esc_url_raw()
  • Resilience – Server-side redirect_to hidden field injection for compatibility with security plugins (WPS Limit Login, etc.)
  • Resilience – login_redirect and logout_redirect filter priorities raised to PHP_INT_MAX
  • Resilience – Cookie-based fallback in redirect logic when redirect_to is stripped by security plugins
  • Internal – Login customizer hook moved from carbon_fields_register_fields to after_setup_theme
  • Internal – carbonade() replaces carbon_get_theme_option() in RedirectManager for frontend compatibility
  • Internal – Freemius helper renamed to snake_case, uninstall hook and premium loader gated to is_admin()

4.1.8 – 2026-03-24

  • Security – add wp_strip_all_tags() defense-in-depth to all inline CSS outputs (login customizer, WooCommerce customizer, modal customizer, custom CSS blocks, code CSS)
  • Security – remove Select2 library and custom AJAX search system entirely β€” Carbon Fields handles selects natively
  • Performance – remove update_option() from read path in get_cached_options() (VIP compatibility)
  • Performance – carbonade() now reads from object cache / transient two-tier cache instead of direct get_option() DB query
  • Performance – modal login form no longer renders HTML or generates nonces for logged-in users
  • Performance – modal AJAX login script only enqueues for logged-out users via reliable template_redirect check
  • Performance – flush all cache layers (object cache + transient) on Carbon Fields settings save with correct priority ordering
  • Compatibility – patch Carbon Fields Pimple container for PHP 8.5: replace deprecated SplObjectStorage::attach()/detach() with offsetSet()/offsetUnset()
  • Refactor – split modal ModalLoginManager::initAjaxLogin() into registerAjaxHandler() (init) and enqueueLoginScripts() (template_redirect) for proper separation of concerns

Older versions changes can be found in the changelog

Plugin Website
Visit website

Author
Matt Biscay
Version:
4.1.9
Last Updated
March 30, 2026
Active Installs
2000
Requires
WordPress 5.6
Tested Up To
WordPress 6.9.4
Requires PHP
8.1

Share Post

Join our newsletter.

Get insights into what’s happening at ChangelogWP right in your inbox. We don’t believe in spam.